linux/certs
Nayna Jain 781a573948 ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies
IMA_APPRAISE_MODSIG is used for verifying the integrity of both kernel
and modules. Enabling IMA_APPRAISE_MODSIG without MODULES causes a build
break.

Ensure the build time kernel signing key is only generated if both
IMA_APPRAISE_MODSIG and MODULES are enabled.

Fixes: 0165f4ca22 ("ima: enable signing of modules with build time generated key")
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-04-26 21:54:23 -04:00
..
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
blacklist_hashes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
blacklist_nohashes.c certs/blacklist_nohashes.c: fix const confusion in certs blacklist 2018-02-21 15:35:43 -08:00
blacklist.c certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID 2021-01-21 16:16:10 +00:00
blacklist.h certs/blacklist: fix const confusion 2018-06-26 09:43:03 -07:00
Kconfig ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
Makefile ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
system_certificates.S ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
system_keyring.c ima: enable loading of build time generated key on .ima keyring 2021-04-09 10:40:20 -04:00